CVE-2026-20107

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-dos-rNus8EFw

Configurations

No configuration.

History

No history.

Information

Published : 2026-02-25 17:25

Updated : 2026-02-27 14:06

NVD link : CVE-2026-20107

Mitre link : CVE-2026-20107

CVE.ORG link : CVE-2026-20107

JSON object : View

Products Affected

No product.

CWE

CWE-1220

Insufficient Granularity of Access Control

{"id": "CVE-2026-20107", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "psirt@cisco.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2026-02-25T17:25:27.990", "references": [{"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apic-dos-rNus8EFw", "source": "psirt@cisco.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "psirt@cisco.com", "description": [{"lang": "en", "value": "CWE-1220"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller (APIC) could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service (DoS) condition. To exploit this vulnerability, the attacker must have valid user credentials and any role that includes CLI access.\r\n\r\nThis vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by issuing crafted commands at the CLI prompt. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition."}, {"lang": "es", "value": "Una vulnerabilidad en el componente CLI del Modelo de Objetos de Cisco Application Policy Infrastructure Controller (APIC) podr\u00eda permitir a un atacante local autenticado causar que un dispositivo afectado se recargue inesperadamente, lo que resultar\u00eda en una condici\u00f3n de denegaci\u00f3n de servicio (DoS). Para explotar esta vulnerabilidad, el atacante debe tener credenciales de usuario v\u00e1lidas y cualquier rol que incluya acceso CLI.\n\nEsta vulnerabilidad se debe a una validaci\u00f3n de entrada insuficiente. Un atacante podr\u00eda explotar esta vulnerabilidad emitiendo comandos manipulados en el indicador de la CLI. Un exploit exitoso podr\u00eda permitir al atacante causar que el dispositivo se recargue, lo que resultar\u00eda en una condici\u00f3n de DoS."}], "lastModified": "2026-02-27T14:06:59.787", "sourceIdentifier": "psirt@cisco.com"}